comparison common/binverify.h @ 579:f4ce4eef3b38

Implement PKCS#7 embedded signature verification for windows
author Andre Heinecke <aheinecke@intevation.de>
date Tue, 27 May 2014 10:28:36 +0000
parents
children ecfd77751daf
578:bf54c9fc0d63 579:f4ce4eef3b38
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
2 * Software engineering by Intevation GmbH
3 *
4 * This file is Free Software under the GNU GPL (v>=2)
5 * and comes with ABSOLUTELY NO WARRANTY!
6 * See LICENSE.txt for details.
7 */
8
9 #ifndef BINVERIFY_H
10 #define BINVERIFY_H
11 /* @file binverify.h
12 * @brief Verification of binary files
13 */
14 #include <stdbool.h>
15 #include <stddef.h>
16
17 #ifdef __cplusplus
18 extern "C" {
19 #endif
20
21 /**
22 * @enum bin_verify_result
23 * @brief Result of a verification
24 */
25 typedef enum {
26 Valid = 100, /*! Could be read and signature matched */
27 UnknownError = 1, /*! The expected unexpected */
28 InvalidSignature = 4, /*! Signature was invalid */
29 ReadFailed = 6, /*! File exists but could not read the file */
30 } bin_verify_result;
31
32 #ifdef WIN32
33 /**
34 * @brief verify a binary
35 *
36 * This function checks that a binary is signed by a built
37 * in certificate.
38 *
39 * Caution: This function works on file names only which could
40 * be modified after this check.
41 *
42 * The verification is done using Windows crypto API based on
43 * embedded PKCS 7 "authenticode" signatures embedded into the
44 * file.
45 *
46 * @param[in] filename absolute null terminated UTF-8 encoded path to the file.
47 * @param[in] name_len length of the filename.
48 *
49 * @returns the verification result.
50 */
51 bin_verify_result verify_binary_win(const char *filename, size_t name_len);
52 #endif /* WIN32 */
53
54 #ifdef __cplusplus
55 }
56 #endif
57
58 #endif /* BINVERIFY_H */
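Review bot: Every enumerator of bin_verify_result is nonzero (Valid = 100, the failure codes 1, 4 and 6), so a caller that tests the return of verify_binary_win for truth or for `!= 0` would treat an invalid signature as success. The `@returns` line should spell out the contract, for example `@returns Valid only if the embedded signature verified against the built-in certificate; any other value, listed or not, must be treated as failure.` The enumerator comments are written as `/*! ... */` after the member, which Doxygen attaches to the next enumerator; `/*!< ... */` binds each text to the value it describes. The parameter docs also leave open whether name_len counts the terminating null, and which result a missing file yields, since ReadFailed covers only "File exists but could not read".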

http://wald.intevation.org/projects/trustbridge/